On 02/04/15 18:14, Andrey Repin wrote:> Greetings, Rowland Penny!
>
>>> Once again:
>>> winbind gives /bin/false
>>> sssd gives /bin/bash
>>> The user has:
>>> loginShell: /bin/bash
>>>
>>> If it doesn't matter for you, don't worry!
>>>
>>>
>> That is *NOT* an error,
> NSS backend outright lying to the user is not a bug?
> What is it then? A butterfly?
> You're making so little sense, I begin to doubt your qualification.
>
>> that is the way the winbind built into the samba
>> daemon works, it does not pull anything else from AD other than the
>> users uidNumber and the gidNumber of their primary group.
>> There is a work round involving the 'template' directories that
can be
>> set in smb.conf, these affect everybody that connects to the machine it
>> is set on, per user settings cannot be set.
> That is a direct contradiction to the very idea of having a single
> authoritative user management database.
> Or, if you like, I can compress the previous phrase into one word, starting
> with "b".
>
>> It is one of the reasons against using the DC as a file server,
> How's setting winbind on a member server would alter the outcome?
>
>> but there are others. People have complained about the hard drive
filling up
>> until the DC is restarted, there have also been problems with excessive
>> use of memory.
> That's clearly indicate bugs breeding and multiplying in the
application.
> Instead of telling people "oh, just don't do it", why not fix
the bugs?
>
>> I will put it this way, which part of the following statement do you
not
>> understand ?
>> *We _do not recommend_ using the Domain Controller as a file Server*.
> So, you are recommending to not use domain controller at all, I got it
right?
> Because a system that does nothing at all, just sitting there and grinning,
> is an useless junk and should be discarded as soon as possible.
>
>> As taken from the DC page on the samba wiki.
>> I have no worries about using windbind, it works for me because I use
it
>> as recommended, it would seem that you are the one with the worries.
> So, you are not using your linux servers for terminal access?
> SSH/SFTP/Git/whatever?
> That explains your ignorance.
>
>
Look, I am with you here, samba no matter where you use it should use
the rfc2307 attributes if they are available, but they aren't all used
on the DC. We will just have to wait until the devs get round to making
the others work. It is no use complaining to me, I actually opened a bug
on this for 4.2rc2 10886, perhaps if people add to this, something may
happen, I don't know, I have no control over the devs.
Rowland